Old security vulnerabilities come back to haunt modern industrial and IoT products

September 24, 2020

The importance of security by design was recently highlighted by the discovery of Ripple20, a set of 19 vulnerabilities in a lightweight TCP/IP library released back in the 1990s. Though the library was released nearly 30 years ago, the discovery has made organisations across industries more fully aware of cybersecurity flaws they never even knew existed.

Of course, not every vulnerability represents a critical security flaw, but some are very serious and can allow a hacker to control a device remotely or deny availability. Impacted devices number in the millions, again with varying degrees of criticality. Some, like printers or smart home devices, may not pose immediate safety risks; however, other affected devices include power grid equipment, transportation systems, mobile communication devices, commercial aircraft devices, enterprise systems, and more. With organisations scrambling to patch any vulnerabilities, old and new, it’s imperative that steps are taken so that history doesn’t repeat itself.

Security decisions made 20 or 30 years ago for industrial control systems (ICS) or the nascent technology that would develop into IoT were often secondary to functional requirements, such as availability or latency periods. As a consequence, cybersecurity was often treated as an afterthought, with organisations coming up with solutions to secure key devices and systems after they had been created, manufactured and implemented, instead of integrating security into the initial design.

This, combined with the traditional divide between OT (operational technology) and IT (information technology) teams, means that organisations are left with vulnerabilities that can be very difficult to resolve.

Ensuring the security of devices will certainly be key as IoT technology continues to expand and as other industries adopt decentralised networks spread across devices. By adopting a security tool that can be retrofitted to current and legacy devices, and focusing on integrating security measures during the design process of new devices or networks, organisations can avoid being taken by surprise by old vulnerabilities.
